Jump to content

Recommended Posts

Posted

I have hundreds of devices in my environment that shows windows updates stuck on in progress 

I am trying to figure out the best way to either force the windows update or restart WSUS ? any help would be appreciated 

Screenshot 2024-05-30 at 8.59.24 AM.png

Posted

I have seen that happen when there was a pending reboot before the update was applied.  Is it the same patch, or is this just an example screenshot with the time from back in November last year when the ship may have sailed by them?

  • Like 1
Posted

thank you for the reply its hundreds of pc in our environment and all different dates and i am finding some that just stopped updating from a specific date .  So this environment has around 8k PC's and for months around 2k of them dont update when they push a release . Ifigured out the first part "they were pushing legacy windows update profiles" The second being this issue were hundreds of pc's either show install status in progress or they are just. not updating anymore 

  • Employee
Posted
On 5/31/2024 at 4:52 AM, Rondelltron said:

thank you for the reply its hundreds of pc in our environment and all different dates and i am finding some that just stopped updating from a specific date .  So this environment has around 8k PC's and for months around 2k of them dont update when they push a release . Ifigured out the first part "they were pushing legacy windows update profiles" The second being this issue were hundreds of pc's either show install status in progress or they are just. not updating anymore 


Hello, 

We recommend indeed to use the latest Windows Update profiles since MS made some modifications:
https://kb.omnissa.com/s/article/91032?lang=en_US

You could also use the Beta profiles to generate CSP code and push it as Custom Profile:

image.thumb.png.88ebd6882e8ba04ae9413a97a440580a.png

 

Anyway, you can use these path to check the applied configuration on your devices:

  • "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current\device"
  • "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\{EnrollmentGUID}\default\Device"

For more informations check the Windows 10 cheat sheet:
https://techzone.omnissa.com/api/checkuseraccess?referer=/sites/default/files/associated-content/2110_Windows_Troubleshooting_Cheat_Sheet.pdf

  • Like 1

Technical Adoption Manager

Posted

Is there a way to force re-approval to past updates in mass?

Also we have devices that show they got approved for an update but when we go to the updates section on that computer the KB release does not show its like the device does not know there is an update even available . this is what happens every month . we push the KB to 8k devices and close to 2k dot get them . in that 2 k we have devices that are in a stuck showing install in progress for weeks and then devices that just dont show the update at all . But then a month or two will go by and it gets a new KB we released and updates . So we go through this issue of around 2 devices that are not updating but its not always the same devices 

Screenshot2024-06-03at12_27_27PM.thumb.png.bf855fb9d0351912b562658e57f4a94f.png

Screenshot 2024-06-03 at 12.48.08 PM.png

  • Employee
Posted (edited)

@Rondelltron

The Windows Update approval is deprecated by Microsoft:

image.thumb.png.dbd1a227c28343baaf52e6556d83a300.png

 https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
 

I strongly advise to remove all Windows Update KB assignment on your UEM Console.

You have two solution to manage Windows Update on your fleet:

  • Let the control to Microsoft and apply all Cumulative update on a regular basis (Tuesday patch)
  • Point directly on a WSUS server and approve KB from there only 
Edited by Julien GOINDIN

Technical Adoption Manager

Posted

So you saying we should no longer use this method to release KB's to PC's?

I am new to this team and am learning what they have been doing for a while now . Maybe these guys never updated their way of pushing updates to pc's. 

Right now they push out this profile : Windows Update (legacy) to around 10k PC's 

and every super tuesday they push out the new KB via the device updates module in WS1. around 1500-2k devices are in these one of three pots ive figured out :

1. device just stopped getting updates randomly at a specific date but will then show they have done updates recently

2. Device shows that it stopped getting updates at a specific date and nothing after  . device just stuck on a specific os build and will not update

 

3. Device shows that is stuck in a "installing updates" and will not update 


if you manually log in to any of these types of device and poweshell windows updates . the pc will update

Screenshot 2024-06-04 at 9.03.03 AM.png

Screenshot 2024-06-04 at 9.05.35 AM.png

  • Employee
Posted
On 6/4/2024 at 3:10 PM, Rondelltron said:

So you saying we should no longer use this method to release KB's to PC's?

Indeed, we have a dedicated KB for this: https://kb.omnissa.com/s/article/88942

You should consider the "Device Update" signet for Windows devices deprecated.
Since 2022, we are pushing for Auto Update or WSUS.

Our Kb state this:

Quote

For those customers that require the ability to approve updates by classification, VMware recommends leveraging Microsoft WSUS as the source of your devices' updates. By leveraging WSUS, you can control what updates the device can see, and thus prevent a particular update from being installed. 


From Microsoft point of view, you should use automatic approval of every Tuesday patch using their CSP.
If you still desire to manage Windows Update manually, the only solution is to use a WSUS server.

 

Technical Adoption Manager

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...